Hi, Running OSSEC 2.7 with one server and one agent (Linux Debian and Ubuntu), my server send me emails notification for any security level even if with the minimum set is 7 (default).
Example of events: Received From: XXXXXX->/var/log/syslog Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): Dec 5 08:01:33 XXXXXXX udisksd[3032]: Error performing housekeeping for drive /org/freedesktop/UDisks2/drives/ST9250827AS_5RG5VLWZ: Error updating SMART data: sk_disk_check_sleep_mode: Operation not supported (udisks-error-quark, 0) Received From: (xxxxxxxx) xxx.xxx.xxx.xxx->/var/log/apache2/error_https_8081.log Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): [Wed Dec 05 07:15:09 2012] [info] [client 127.0.0.1] SSL library error 1 in handshake (server mydomain.com:443) And as said before, my server configuration is the default one with mail_alerts_level set to 7. Thanks for you suggestion :-)
